Safari crashes reproducibly when editing text fields after r70847. I reported this as <rdar://problem/8612962> with the following steps to reproduce: 1) Load <http://maps.google.com/>. 2) Click "Get Directions". 3) Click in the B field and start typing "Luxor Hotel". Safari crashes during step 3. This crash also occurs in Mail when composing messages. I also hit it when trying to file this bug in Bugzilla (typing in the Summary field) and was forced to switch to Firefox.
That change was from bug 48287.
Relevant snippet from the crash log: Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000010 Thread 0 Crashed: 0 com.apple.WebCore 0x0000000103860df2 WebCore::Range::cloneRange(int&) const + 18 (RefPtr.h:59) 1 com.apple.WebCore 0x0000000103fb6e27 WebCore::TextCheckingHelper::paragraphAlignedRange(int&, WTF::String&) const + 73 (PassRefPtr.h:185) 2 com.apple.WebCore 0x0000000103ba3af3 WebCore::Editor::markAllMisspellingsAndBadGrammarInRanges(unsigned int, WebCore::Range*, WebCore::Range*) + 877 (PassRefPtr.h:185) 3 com.apple.WebCore 0x0000000103ba1e45 WebCore::Editor::correctionPanelTimerFired(WebCore::Timer<WebCore::Editor>*) + 219 (PassRefPtr.h:74) 4 com.apple.WebCore 0x00000001037793be WebCore::ThreadTimers::sharedTimerFiredInternal() + 130 (ThreadTimers.cpp:115)
This crash appears to occur when typing in any text area that has spell checking enabled. That makes tip of tree unlivable. For that reason I'm going to roll out the patch that introduced this crash.
*** Bug 48646 has been marked as a duplicate of this bug. ***
Bug 48646 has info about an assertion that is hit in debug builds.
Rolled out in r70970.